# Copyright 2020 The Kubermatic Kubernetes Platform contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# MinIO settings: volume size, storage class and access credentials.
minio:
  storeSize: '200Gi'
  storageClass: kubermatic-backup
  credentials:
    # Both values below are placeholders: replace them before deploying and
    # keep the filled-in file out of version control.
    # generated access key length should be at least 3 characters
    accessKey: "YOUR-ACCESS-KEY"
    # generated secret key length should be at least 8 characters
    # NOTE(review): 8 characters is only the stated lower bound; prefer a
    # long, randomly generated secret.
    secretKey: "YOUR-SECRET-KEY"
#-------------------------------------------------------------------------------Seed MLA stack
# Prometheus for the seed MLA stack: hostname, volume size, TSDB retention
# and the alert rule files to load.
prometheus:
  host: prometheus.mla.seed.kkp.example.com
  storageSize: '250Gi'
  tsdb:
    retentionTime: '30d'
  # load only the rule files matched below (general, kubermatic-seed, managed
  # and usercluster-mla), as this cluster is not a shared master/seed
  # NOTE(review): this comment previously read "only load the KKP-master
  # alerts", which does not match the kubermatic-seed-* glob; confirm the
  # intended rule set.
  ruleFiles:
    - /etc/prometheus/rules/general-*.yaml
    - /etc/prometheus/rules/kubermatic-seed-*.yaml
    - /etc/prometheus/rules/managed-*.yaml
    - /etc/prometheus/rules/usercluster-mla-*.yaml
# Alertmanager hostname for the seed MLA stack; the IAP deployment entry for
# alertmanager in this file uses the same host.
alertmanager:
  host: alertmanager.mla.seed.kkp.example.com
# Grafana login account, provisioned server configuration and datasources.
grafana:
  user: admin
  # NOTE(review): example password only; set a strong, unique value before
  # deploying and keep the filled-in file out of version control.
  # disable_login_form is false below, so the login form stays enabled.
  password: adm1n
  provisioning:
    configuration:
      # NOTE(review): presumably the organisation role given to users on
      # first sign-in; confirm that Editor is needed rather than a
      # read-only role.
      auto_assign_org_role: Editor
      disable_login_form: false
      root_url: https://grafana.mla.seed.kkp.example.com
    datasources:
      lokiServices:
        - loki
      # NOTE(review): this key is singular while lokiServices is plural;
      # confirm the name the chart expects, otherwise the entry may be
      # ignored.
      prometheusService:
        - prometheus
# Loki persistent volume size.
loki:
  persistence:
    size: '100Gi'
#-----------------------------------------------------------------------------------IAP
# Identity-aware proxy (IAP) settings: the OIDC issuer plus one entry under
# deployments per protected service (prometheus, alertmanager, grafana,
# karma), each pointing at its in-cluster upstream.
iap:
  # update to the KeyCloak realm URL to be used
  oidc_issuer_url: https://keycloak.example.com/realms/realm-id
  # Settings shared by the entries below:
  # - client_id / client_secret: all four entries use the same KeyCloak
  #   client (seed-mla); the secret is a placeholder, so keep the filled-in
  #   file out of version control.
  # - encryption_key: placeholder; generate a fresh random value for each
  #   entry.
  # - insecure_oidc_allow_unverified_email: as the key name says, emails
  #   that are not marked verified are accepted, so the email_domains
  #   restriction then rests on an unverified claim. Marked as temporary.
  # - pass_user_headers: NOTE(review): presumably forwards the signed-in
  #   user's identity to the upstream in request headers; confirm the
  #   upstream is reachable only through the proxy.
  # - skip_auth_regex: NOTE(review): presumably paths matching these
  #   patterns are served without authentication. The patterns are not
  #   anchored; confirm how the proxy matches them and keep them as narrow
  #   as the health checks allow.
  deployments:
    prometheus:
      name: prometheus
      ingress:
        host: prometheus.mla.seed.kkp.example.com
      upstream_service: prometheus.monitoring.svc.cluster.local
      upstream_port: 9090
      client_id: seed-mla
      # client_secret is the "secret" from the KeyCloak client "seed-mla" config
      client_secret: <copy value from KeyCloak>
      # generate a fresh secret key here
      encryption_key: <generate random secret key here>
      config:
        scope: openid email profile roles groups
        email_domains:
          - kkp.example.com
        # to be removed once the added email domain is valid and emails are
        # verified
        insecure_oidc_allow_unverified_email: "true"
        pass_user_headers: true
        # health endpoint, exempt from authentication
        skip_auth_regex:
          - /-/health
    alertmanager:
      name: alertmanager
      ingress:
        host: alertmanager.mla.seed.kkp.example.com
      upstream_service: alertmanager.monitoring.svc.cluster.local
      upstream_port: 9093
      client_id: seed-mla
      # client_secret is the "secret" from the KeyCloak client "seed-mla" config
      client_secret: <copy value from KeyCloak>
      # generate a fresh secret key here
      encryption_key: <generate random secret key here>
      config:
        scope: openid email profile roles groups
        email_domains:
          - kkp.example.com
        # to be removed once the added email domain is valid and emails are
        # verified
        insecure_oidc_allow_unverified_email: "true"
        pass_user_headers: true
        # health endpoint, exempt from authentication
        skip_auth_regex:
          - /-/health
    grafana:
      name: grafana
      ingress:
        host: grafana.mla.seed.kkp.example.com
      upstream_service: grafana.monitoring.svc.cluster.local
      upstream_port: 3000
      client_id: seed-mla
      # client_secret is the "secret" from the KeyCloak client "seed-mla" config
      client_secret: <copy value from KeyCloak>
      # generate a fresh secret key here
      encryption_key: <generate random secret key here>
      config:
        scope: openid email profile roles groups
        email_domains:
          - kkp.example.com
        # to be removed once the added email domain is valid and emails are
        # verified
        insecure_oidc_allow_unverified_email: "true"
        pass_user_headers: true
        # health endpoint, exempt from authentication
        skip_auth_regex:
          - /api/health
    # karma lists no skip_auth_regex, so no path is exempted here
    karma:
      name: karma
      ingress:
        host: karma.mla.seed.kkp.example.com
      upstream_service: karma.monitoring.svc.cluster.local
      upstream_port: 8080
      client_id: seed-mla
      # client_secret is the "secret" from the KeyCloak client "seed-mla" config
      client_secret: <copy value from KeyCloak>
      # generate a fresh secret key here
      encryption_key: <generate random secret key here>
      config:
        scope: openid email profile roles groups
        email_domains:
          - kkp.example.com
        # to be removed once the added email domain is valid and emails are
        # verified
        insecure_oidc_allow_unverified_email: "true"
        pass_user_headers: true
  # NOTE(review): presumably the certificate issuer for the IAP ingress
  # hosts; it is placed under iap here, so confirm the level the chart
  # expects.
  certIssuer:
    name: letsencrypt-prod
    kind: ClusterIssuer